Torify Terminal

I was playing with the tor tool provided in backtrack2 and wanted to know how I can torify all the transfers that happen through the terminal. I mean, how can I send all data through an onion network while using commands like telnet, scanning, etc.?

Personally, I've always just preferred to use Proxy Judges to determine if the proxies I plan on using are High Anonymous Proxies (Level 1) or Anonymous Proxies (Level 2), instead of using TOR or any "software" type anonymizers.

High Anonymous Proxy (Level 1): The web server can't detect whether you are using a proxy by the information your browser sent.

Anonymous Proxy (Level 2): The web server knows that you are probably using a proxy, but it can't detect your real IP.

Transparent Proxy (Level 3): The web server knows that you are using a proxy and it can also detect your real IP address.

Anything above a Level 2 proxy and your IP address will be revealed. There are also Level 4 and Level 5 proxies, and they both spill your IP.

Thanks a lot for that info. But again, all the anonymizers I found let me just browse anonymously, but I wanted to use the connections from the terminal (the low-level TCP connections) through a proxy. How is that done?

Open a shell.
Make the connection to the anonymizer.
Open a shell.
Make the connection to the target.

Use socat or torify. I recommend using them within a chroot environment to prevent DNS lookups of the destination address. I'm not positive this is necessary. I don't exactly know how to use torify, but it appears to do the same basic thing as socat, just as a single command.

Here's what I do, for example, for rsync. Rsync uses port 873, and the tor proxy on my computer accepts connections on 9050. I'm connecting to hiddenservice.onion to rsync files.

In one terminal, start a proxy session to your destination. Obviously, if you're not accessing a hidden service, replace that with REMOTESERVER.COM:PORT. If you want to view the data socat is transmitting, to ensure it's not sending any private data, add a "-v " before TCP4-LISTEN:

socat is now listening on tcp port 4141 on the localhost, so connect to that with your terminal command. Eg:

Code:

rsync -Pav rsync://localhost:4242/SOME/PATH /MIRROR/PATH

This will work with cmdline irc clients and everything else. It will not work with ICMP based traffic like ping, but for UDP and TCP you're fine (with slight modification to your socat command).

=============================
Edit: The below is not needed for recent versions of socat, unless you are paranoid. According to the torwiki (wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO), "socat versions up to and including 1.3.2.2 had a bug that would use SOCKS4A only when a direct DNS resolution attempt failed, thus possibly revealing which DNS names you accessed through socat." So if you have a newer version (current is 1.6). Older versions that leak DNS need to be used in the chroot, as described below.
=============================
Now, one problem with this is that (I believe) your computer will do a DNS lookup on HIDDENSERVICE.onion to try and send an IP address to the proxy. This can be avoided through a proper chroot.

The first lib (linux-vdso.so.1) is statically linked, that is, a part of the bash binary. The others need to be copied, so /lib/libncurses.so.5 etc. go in chroot/lib and /lib64/ld-linux-x86-64.so.2 goes in chroot/lib64. You will need to repeat for each binary. For a somewhat messy oneliner, use:

The most important thing in creating your DNS shielding chroot is that you DO NOT copy /etc/resolv.conf into chroot/etc/. If you do this, your chroot will know how to resolve DNS! You want it to NOT know, so it has to send the unresolved address down the proxy. Also note, you really only need to run the socat within the chroot, as it presents a TCP socket to the whole computer, so you can run rsync, telnet, etc. from a normal shell (or even if iptables isn't configured). As a second note, your chroot won't be able to resolve anything, even localhost, so replace that with 127.0.0.1. The destination address REMOTESERVER.COM or HIDDENSERVICE.ONION will be resolved through the proxy once it fails to resolve locally.
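
The steps from the last post (check the socat version against the 1.3.2.2 DNS-leak bug, build a chroot with no resolver configuration, start the forwarder), written out as an added example that is not part of the original thread. The function names are hypothetical, port 4242 is taken from the rsync command, `bind=127.0.0.1` and `fork` are additions, and checking for `etc/hosts` is an assumption based on the "even localhost" remark.

```shell
#!/bin/sh
# Added example, not from the thread. Port 4242 and HIDDENSERVICE.onion are
# placeholders; 1.3.2.2 is the threshold quoted from the Tor wiki.
LEAKY_MAX="1.3.2.2"

# version_le A B: succeed when dotted version A <= B, field by field.
version_le() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "$a" = "$fa" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$fb" ]; then b=""; else b=${b#*.}; fi
        fa=${fa%%[!0-9]*}; fb=${fb%%[!0-9]*}   # drop suffixes such as "-b9"
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 1
    done
    return 0
}

# needs_chroot VERSION: succeed when this socat may resolve names locally.
needs_chroot() { version_le "$1" "$LEAKY_MAX"; }

# copy_with_libs ROOT /ABS/BINARY: copy the binary and every absolute path
# ldd reports for it (linux-vdso.so.1 has no path on disk and is skipped).
copy_with_libs() {
    for f in "$2" $(ldd "$2" 2>/dev/null | awk '{for(i=1;i<=NF;i++) if ($i ~ /^\//) print $i}'); do
        mkdir -p "$1$(dirname "$f")" && cp -L "$f" "$1$f" || return 1
    done
}

# resolver_files ROOT: list resolver config found in the chroot (want: none).
resolver_files() {
    for f in etc/resolv.conf etc/hosts; do
        if [ -e "$1/$f" ]; then echo "$f"; fi
    done
}

# forwarder_cmd LPORT DEST DPORT: loopback-only listener that passes DEST to
# Tor's SOCKS port as a name (SOCKS4A), so no local lookup is needed.
forwarder_cmd() {
    printf 'socat TCP4-LISTEN:%s,bind=127.0.0.1,fork SOCKS4A:127.0.0.1:%s:%s,socksport=9050\n' "$1" "$2" "$3"
}

# Demo: report on the installed socat, if any, then print the forwarder.
v=$(socat -V 2>/dev/null | sed -n 's/^socat version \([0-9][0-9.]*\).*/\1/p')
if [ -n "$v" ] && needs_chroot "$v"; then
    echo "socat $v is <= $LEAKY_MAX: run the forwarder inside the chroot"
fi
forwarder_cmd 4242 HIDDENSERVICE.onion 873
```

Point `copy_with_libs` only at binaries you trust, because `ldd` may execute the target's loader. A non-empty result from `resolver_files` means the chroot can still resolve names and the shielding does not hold.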